On dinsdag 8 maart 2016 18:13:54 CET, Jan Kundrát wrote:
Comments and feedback on how well it works or how it breaks
horribly are appreciated.
I did a first preliminary test: look at a pgp-signed message
(multipart/signed; protocol="application/pgp-signature";
micalg=pgp-sha256). The result was that I had to wait quite a bit with a
dark grey box telling me to wait, until it was ascertained that
Key [...] is not available in the keyring.
Cannot verify signature validity or do anything else. The message might or
might not have been tampered with.
This is correct (I haven't even figured out yet how to add keys to whatever
keyring is being made reference to).
Feedback: for messages that are signed but not encrypted, there is no
reason to have people wait on the message while the signature is being
checked. If possible: show it immediately, but with an indication that the
signature is being checked.
Best
Erik
